production.log contains proxy ip instead real ip
Added by Sven Kilchenmann over 9 years ago
Apache with passenger-install-apache2-module only logs proxy ip
I've set up a Redmine instance with Apache using passenger-install-apache2-module to serve the page.
So far everything works fine. Since we do not have a dmz we installed a reverse proxy (ngnix) which handles the requests of a subdomain to be routed to the Apache instance.
But now the production.log of Redmine always show the public ip of the reverse proxy instead of the real ip.
schween@aff:/usr/share/redmine$ RAILS_ENV=production script/about sh: 1: svn: not found sh: 1: darcs: not found sh: 1: hg: not found sh: 1: cvs: not found sh: 1: bzr: not found Environment: Redmine version 2.6.1.stable Ruby version 2.1.5-p273 (2014-11-13) [x86_64-linux] Rails version 3.2.21 Environment production Database adapter Mysql2 SCM: Git 1.9.1 Filesystem Redmine plugins: clipboard_image_paste 1.9 redmine_questions 0.0.5 redmine_vote 1.2.1 redmine_wiki_extensions 0.6.5
Anybody knows how to solve this issue - fast search with google didn't solve my issue.
Thanks for the fish
sCHween
Replies (6)
RE: production.log contains proxy ip instead real ip - Added by Jan Niggemann (redmine.org team member) over 9 years ago
we installed a reverse proxy (ngnix) [...]
But now the production.log of Redmine always show the public ip of the reverse proxy instead of the real ip.
Perhaps I don't understand your question, but what else should be logged than the IP of the reverse proxy?
RE: production.log contains proxy ip instead real ip - Added by Sven Kilchenmann over 9 years ago
I guess the only thing I'm interested in is the real ip instead the proxy ip.
If I got the real ip I can build up some additional things like fail2ban and so on..
RE: production.log contains proxy ip instead real ip - Added by Jan Niggemann (redmine.org team member) over 9 years ago
If possible at all, this is out of the scope of redmine. Please ask in a forum dedicated to the reverse proxy you're using.
IMHO you're trying to do something that's conceptually not reasonable - intrusion prevention needs to take place on your reverse proxy or even further up...
RE: production.log contains proxy ip instead real ip - Added by Sven Kilchenmann over 9 years ago
oki...
RE: production.log contains proxy ip instead real ip - Added by Pavel Potcheptsov over 9 years ago
Hi, this block of rules in my nginx conf for redmine gives real IPs of local (LAN) and external (Internet) users in production.log
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header CLIENT_IP $remote_addr;
RE: production.log contains proxy ip instead real ip - Added by Jan Niggemann (redmine.org team member) over 9 years ago
Cool, next time I'll try nginx instead of pound to get to know it some more.
Nevertheless, you should do any filtering / IPS / whatever further up the line (i.e. on the proxy)...